Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

My system is infected with a virus and I can't seem to clean it up.

Posted on 2007-03-20
9
Medium Priority
?
337 Views
Last Modified: 2013-12-28
One of my NT 4.0 Servers is infected with the w32.spybot.ALRD virus and I can't delete or quaranteen it. I have ran the latest updates and even tried removing it manually from the registry but I have not luck. Any ideas on what I can do to clean this up?
0
Comment
Question by:frankbustos
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 3
9 Comments
 
LVL 6

Expert Comment

by:bgbeer
ID: 18761243
first thing U need to do is to find a barts pe, erd commander or a linux bootable cd
something that will give u access to the harddrive while keeping it inactive so that u can remove the virus.
0
 
LVL 6

Accepted Solution

by:
bgbeer earned 2000 total points
ID: 18761273
let me back up a minute!
the first thing I would do is to unplug this server from the network because it is a network aware worm that can and will spread to all other computers on the network.

after that u need to pull the ram and the cmos battery and let it sit for 10 minutes or so to empty all memory.
at that point find yourself a bootable cd that will keep your haddrive inactive while working w/ it.
0
 
LVL 6

Expert Comment

by:bgbeer
ID: 18761309
the other thing u that more than likely will need to be don is to reinstall
0
Introducing the WatchGuard 420 Access Point

WatchGuard's newest access point includes an 802.11ac Wave 2 chipset, providing the fastest speeds for VoIP, video and music streaming, and large data file transfers. Additionally, enjoy the benefits of strong security as the 3rd radio delivers dedicated WIPS protection!

 

Author Comment

by:frankbustos
ID: 18761414
Hi bgbeer,
   Ok, I will get it off the network then boot it with the ERD commander cd and see if I can delete the virus that way. I will let you know the results tomorrow as i'm off work for the rest of the evening.
0
 
LVL 6

Expert Comment

by:bgbeer
ID: 18761431
frank, after booting to erd commander the first thing I would do is tocheck for running processes.

with erd commander u will have restore points I would use them.
0
 

Author Comment

by:frankbustos
ID: 18761518
bgbeer,

  sounds good, I will do that.
thanks.
0
 
LVL 6

Expert Comment

by:bgbeer
ID: 18761547
no problem

good luck
0
 

Author Comment

by:frankbustos
ID: 18773188
thanks bgbeer,  I was able to clean out the system and get it back to normal.
0
 
LVL 6

Expert Comment

by:bgbeer
ID: 18777240
glad I could help
0

Featured Post

Are You Ready for GDPR?

With the GDPR deadline set for May 25, 2018, many organizations are ill-prepared due to uncertainty about the criteria for compliance. According to a recent WatchGuard survey, a staggering 37% of respondents don't even know if their organization needs to comply with GDPR. Do you?

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Curious about the latest ransomware attack? Check out our timeline of events surrounding the spread of this new virus along with tips on how to mitigate the damage.
Windows Server 2003 introduced persistent Volume Shadow Copies and made 2003 a must-do upgrade.  Since then, it's been a must-implement feature for all servers doing any kind of file sharing.
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
Finding and deleting duplicate (picture) files can be a time consuming task. My wife and I, our three kids and their families all share one dilemma: Managing our pictures. Between desktops, laptops, phones, tablets, and cameras; over the last decade…

704 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question